Date: Mon, 7 Jan 2013 07:22:31 +0100 (CET) From: Thomas-Martin Seck <tmseck@web.de> To: FreeBSD-gnats-submit@freebsd.org Cc: rea@freebsd.org Subject: ports/175084: [Maintainer] [Security] www/squid31: integrate vendor fix for CVE-2012-5643 Message-ID: <20130107062231.A9B45130D04@wcfields.tmseck.homedns.org> Resent-Message-ID: <201301070630.r076U0LP029022@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 175084
>Category: ports
>Synopsis: [Maintainer] [Security] www/squid31: integrate vendor fix for CVE-2012-5643
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 07 06:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 8.3-RELEASE amd64
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of January 07, 2013.
>Description:
Add an additional vendor patch to fix the DoS condition in cachemgr.cgi
(SQUID-2012:1, CVE-2012-5643).
>How-To-Repeat:
>Fix:
Apply this patch:
Index: Makefile
===================================================================
--- Makefile (.../www/squid31) (Revision 2092)
+++ Makefile (.../local/squid31) (Revision 2092)
@@ -1,6 +1,9 @@
-# Created by: Adrian Chadd <adrian@FreeBSD.org>
-# $FreeBSD: ports/www/squid31/Makefile,v 1.268 2012/12/10 15:19:19 svnexp Exp $
+# New ports collection makefile for: squid24
+# Date created: Tue Mar 27 14:56:08 CEST 2001
+# Whom: Adrian Chadd <adrian@FreeBSD.org>
#
+# $FreeBSD: ports/www/squid31/Makefile,v 1.266 2012/11/18 16:55:52 svnexp Exp $
+#
# Tunables not (yet) configurable via 'make config':
# SQUID_{U,G}ID
# Which user/group Squid should run as (default: squid/squid).
@@ -78,7 +81,7 @@
http://www1.jp.squid-cache.org/%SUBDIR%/ \
http://www2.tw.squid-cache.org/%SUBDIR%/
PATCH_SITE_SUBDIR= Versions/v3/3.1/changesets
-PATCHFILES= # empty
+PATCHFILES= squid-3.1-10483.patch
MAINTAINER= tmseck@web.de
COMMENT= HTTP Caching Proxy
@@ -254,7 +257,7 @@
libexec+= digest_ldap_auth squid_ldap_auth squid_ldap_group
.endif
.if defined(WITH_SQUID_SASL_AUTH)
-LIB_DEPENDS+= sasl2:${PORTSDIR}/security/cyrus-sasl2
+LIB_DEPENDS+= sasl2.2:${PORTSDIR}/security/cyrus-sasl2
CFLAGS+= -I${LOCALBASE}/include
CPPFLAGS+= -I${LOCALBASE}/include
LDFLAGS+= -L${LOCALBASE}/lib
Index: distinfo
===================================================================
--- distinfo (.../www/squid31) (Revision 2092)
+++ distinfo (.../local/squid31) (Revision 2092)
@@ -1,2 +1,4 @@
SHA256 (squid3.1/squid-3.1.22.tar.bz2) = 16fe2313f981ede1c945eebe3743d8f835e724c6dae296bfc1200af555549424
SIZE (squid3.1/squid-3.1.22.tar.bz2) = 2560270
+SHA256 (squid3.1/squid-3.1-10483.patch) = ac871ad6e078ecc0f2ef0d32f7cbca26a1472d976e749177e60ee644878b0f42
+SIZE (squid3.1/squid-3.1-10483.patch) = 1746
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130107062231.A9B45130D04>